ZipRecruiter

Log In

2

Third Party Risk Analyst Remote Jobs in California

Maverick Payments

Risk Analyst II

Calabasas, CA · On-site +1

$30 - $34/hr

Pay Range: $30- $34/ hr. This position will consider remote telework for candidates in the ... Resumes submitted to any Maverick Payments employee by a third-party agency and/or search firm ...

Apogee Global RMS

Risk Analyst

San Jose, CA · On-site +1

Remote within the United States. Occasional travel for client engagements or firm offsites at ... Risk Analyst Contract Application." Applications are reviewed on a rolling basis.

Apogee Global RMS

Risk Analyst

San Jose, CA · Remote

Remote within the United States. Occasional travel for client engagements or firm offsites at ... Risk Analyst Contract Application." Applications are reviewed on a rolling basis.

Deloitte

Senior Consultant - ServiceNow

Los Angeles, CA · Remote

Analyzing processes, controls, and tools to identify opportunities for ServiceNow configuration and ... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional ...

Deloitte

Senior Consultant - ServiceNow

Fresno, CA · Remote

Analyzing processes, controls, and tools to identify opportunities for ServiceNow configuration and ... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional ...

Deloitte

Senior Consultant - ServiceNow

Inglewood, CA · Remote

Analyzing processes, controls, and tools to identify opportunities for ServiceNow configuration and ... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional ...

Deloitte

Senior Consultant - ServiceNow

Costa Mesa, CA · Remote

Analyzing processes, controls, and tools to identify opportunities for ServiceNow configuration and ... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional ...

Deloitte

Senior Consultant - ServiceNow

San Diego, CA · Remote

Analyzing processes, controls, and tools to identify opportunities for ServiceNow configuration and ... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional ...

next page

Showing results 1-20

People also search for

All JobsThird Party Risk Analyst Remote JobsThird Party Risk Analyst Remote Jobs in California

Third Party Risk Analyst Remote information

What are the key skills and qualifications needed to thrive as a Third Party Risk Analyst (Remote), and why are they important?

To thrive as a Third Party Risk Analyst (Remote), you need a solid understanding of risk management frameworks, vendor due diligence, and compliance regulations, typically supported by a bachelor's degree in a related field. Familiarity with risk assessment tools, GRC (governance, risk, and compliance) platforms, and certifications such as CTPRA or CISA are often required. Strong analytical thinking, attention to detail, and effective communication are essential soft skills for evaluating and managing third-party risks collaboratively. These skills ensure organizations can identify, assess, and mitigate risks posed by external partners, maintaining regulatory compliance and protecting business interests.

How does a Third Party Risk Analyst collaborate with other departments in a remote work setting?

As a remote Third Party Risk Analyst, collaboration with departments such as procurement, legal, IT security, and compliance is typically achieved through regular virtual meetings and shared documentation platforms. You’ll often coordinate with these teams to assess vendor risks, review contracts, and ensure compliance with company policies. Clear communication and proactive follow-ups are key, as you may be managing multiple projects and stakeholders simultaneously. Building strong remote relationships helps streamline risk assessment processes and ensures effective risk mitigation strategies.

What does a Third Party Risk Analyst do?

A Third Party Risk Analyst is responsible for assessing and managing the risks associated with an organization’s external vendors or partners. They evaluate third parties to ensure they meet security, compliance, and operational standards. This role often involves conducting risk assessments, monitoring vendor performance, and recommending risk mitigation strategies. Working remotely, these analysts use digital tools to collaborate with internal teams and communicate with vendors.

What is the difference between Third Party Risk Analyst Remote vs Vendor Risk Analyst?

AspectThird Party Risk Analyst RemoteVendor Risk Analyst
CredentialsCertifications like CRISC, CISA often preferredSimilar certifications, often including CRISC, CISA
Work EnvironmentRemote, primarily online collaborationRemote or on-site, depending on company policy
Industry UsageFinancial, healthcare, technology sectorsFinancial, retail, manufacturing sectors
Job FocusAssessing third-party risks and complianceEvaluating vendor security and operational risks

The main difference is that a Third Party Risk Analyst Remote focuses on assessing risks posed by third-party entities across various industries, often working remotely. A Vendor Risk Analyst typically concentrates on evaluating specific vendors' security and operational risks, which may involve more direct vendor interactions. Both roles require similar certifications and work environments, but their scope and focus differ slightly.

What are the most commonly searched types of Third Party Risk Analyst jobs in California? The most popular types of Third Party Risk Analyst jobs in California are:
What are popular job titles related to Third Party Risk Analyst Remote jobs in California? For Third Party Risk Analyst Remote jobs in California, the most frequently searched job titles are:
What job categories do people searching Third Party Risk Analyst Remote jobs in California look for? The top searched job categories for Third Party Risk Analyst Remote jobs in California are:
What cities in California are hiring for Third Party Risk Analyst Remote jobs? Cities in California with the most Third Party Risk Analyst Remote job openings:
Third Party Risk Analyst Remote jobs near you
Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)

Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)

Smartsheet

San Jose, CA • On-site, Remote

Full-time

Posted 5 days ago

Smartsheet rating

8.4

Company rating: 8.4 out of 10

Based on 5 frontline employees who took The Breakroom Quiz

60th of 184 rated software companies

Job description

For over 20 years, Smartsheet has helped people and teams achieve-well, anything. From seamless work management to smart, scalable solutions, we've always worked with flow. We're building tools that empower teams to automate the manual, uncover insights, and scale smarter. But more than that, we're creating space- space to think big, take action, and unlock the kind of work that truly matters. Because when challenge meets purpose, and passion turns into progress, that's magic at work, and it's what we show up for everyday.
Smartsheet is seeking a dedicated, experienced Third Party Risk Management (TPRM) Senior Analyst to join our Risk team. This is a high-visibility, cross-functional role that requires sustained focus and ownership; you will be a primary point of contact for vendor risk across the organization, interfacing regularly with cross-functional teams (Legal, Procurement, Privacy, and Information Security) as well as system owners.
This role is a meaningful commitment. You will own a portfolio of vendor assessments and help drive program maturity. We are looking for someone who brings deep focus and genuine investment to this work, the kind of professional who sees TPRM not as a checkbox function but as a critical enabler of trust for a global SaaS platform.
You will report to the Third Party Risk Integration Manager located in the US. This role is eligible for remote work within Costa Rica. You must reside in Costa Rica.
You Will
  • Lead end-to-end Third Party Risk Assessments for new and existing vendors, including vendor tiering, scoping, questionnaire management, and findings documentation.
  • Own the ongoing monitoring and tracking of vendor risk across Smartsheet's third-party portfolio, ensuring timely follow-up on remediation activities and risk acceptance decisions.
  • Evaluate vendor security documentation including SOC 2 reports, penetration testing results, ISO certifications, and other control attestations - and translate findings into clear, actionable risk summaries for stakeholders.
  • Drive process improvement initiatives within the TPRM program, identifying opportunities to scale and mature the program through better tooling, automation, and workflow design.
  • Collaborate cross-functionally with Legal, Procurement, Information Security, Privacy, and business stakeholders to ensure vendor risk considerations are embedded in sourcing and renewal decisions.
  • Leverage AI tools (including Claude and Microsoft Copilot) to increase efficiency in vendor reviews and documentation - while applying sound judgment to review, validate, and take accountability for AI-generated outputs.
  • Contribute to broader risk program activities including risk reporting, policy review, and program documentation as part of a lean, high-performing Risk team.
  • Support the development of TPRM metrics and reporting to provide leadership with meaningful visibility into the organization's third-party risk exposure.
  • Other job duties as assigned

You have
  • 5+ years of experience in third party risk management, vendor risk, GRC, information security, audit, or compliance - with direct experience conducting vendor or third-party risk assessments.
  • Practical knowledge of one or more risk or regulatory frameworks such as NIST, ISO 27001, COSO, COBIT, AICPA SOC/TSP, PCI DSS, or similar.
  • Familiarity with vendor security questionnaire frameworks, including SIG (Shared Assessments) and/or CSA CAIQ.
  • Demonstrated ability to review and interpret SOC 2 reports, penetration testing summaries, and other vendor security attestations.
  • Experience working in cross-functional environments involving Legal, Procurement, and/or Engineering stakeholders.
  • Strong written and verbal communication skills in English, with the ability to translate technical risk findings into clear business language.
  • Effective critical thinking and judgment - able to assess risk materiality, prioritize competing demands, and escalate appropriately.
  • Comfort working with and evaluating AI-generated content, with a clear understanding of the need to verify outputs before relying on them in risk decisions.
  • Adaptability to evolving regulatory requirements and a genuine interest in staying current on the third-party risk landscape.

Nice to have
  • Experience with vendor risk management platforms such as AuditBoard, Archer, OneTrust, ServiceNow GRC, Vanta, or Coupa.
  • Background in SaaS, cloud, or technology company environments.
  • Familiarity with AI-assisted workflows in a GRC or compliance context.
  • Experience supporting or contributing to audit processes (e.g., SOC 2, ISO 27001, BARR).
  • Relevant certifications such as CISA, CRISC, CTPRP, or equivalent.
  • Experience with operational risk across multiple business units, legal entities, or jurisdictions.

Teleworking options from any registered location in Costa Rica (role specific)
Get to Know Us:
At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You'll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths-because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you're doing work that stretches you, excites you, and connects you to something bigger, that's magic at work. Let's build what's next, together.
Equal Opportunity Employer:
Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
#LI-Remote

Apply